Posted by Virus Bulletin on Aug 29, 2005
For the second year running, research presented at the annual Crypto conference raised concerns over the security of commonly-used hash functions.
For the second year running, research presented at the annual Crypto conference has raised concern over the security of commonly-used hash functions. The encryption field was thrown into a frenzy in August 2004 when the security of hash functions MD5, SHA-0 and SHA-1 was called into question (see VB, September 2004, p.3 and October 2004, p.13). Last month, researchers revealed that they have discovered a new, faster attack against the SHA-1 hashing algorithm.
Xiaoyun Wang, one of the team of Chinese researchers that at last year’s Crypto conference outlined methods of finding collisions in the MD4, MD5, HAVEL-128 and RIPEMD algorithms, has announced that the time complexity of a new attack her team has achieved against SHA-1 is 263 (the team’s previous result was 269; brute force is 280). It is also expected that this result will be improved upon over the next couple of months. Wang’s paper can be found at http://www.infosec.sdu.edu.cn/paper/sha1-crypto-auth-new- 2-yao.pdf.
In reaction to the findings, the National Institute of Standards and Technology (NIST) plans to host a two-day Cryptographic Hash Workshop on 31 October and 1 November 2005 to solicit public input on how best to respond to the current state of research in this area.
Posted on 29 August 2005 by Virus Bulletin
